What is self-service password reset?
Self-service password reset (SSPR) is the functionality that allows users to reset their passwords without requiring assistance from an administrator, tech support, or help desk. The process works by providing prompts users follow to unlock their accounts and change their passwords.
Organizations often use self-service password reset software to reset forgotten or lost passwords without the help of their IT admins so that employees, customers, and other individuals can reset this information at any hour of the day.
Benefits of self-service password reset
Self-service password reset is a way for companies to prevent lost productivity while maintaining proper security measures. Here are some of the main benefits companies can expect after implementing SSPR:
- Saves time: Users can regain access to their accounts safely without reaching out to an administrator. Doing this reduces periods when work cannot be completed due to lost access, allowing the administrator to spend time on more impactful tasks.
- Notifications: Notification settings can be configured within the SSPR program to notify both the users and the identity administrators when login information is updated.
- Enhanced security: Users can regain access to their accounts without assistance while maintaining security through careful authentication processes, often two-factor authentication.
- Financial implications: Without SSPR, the productivity lost to password reset incidents translates into lost profit, for the company and for the employee.
- Password synchronization: SSPR software can provide password synchronization so that one changed password automatically propagates in associated user directories. This saves time and helps employees manage this information more efficiently.
Basic elements of self-service password reset
SSPR works by providing users with pre-registered authentication methods to regain account access. The following factors are typically considered during the SSPR process:
- Localization: How the page will be localized, which determines what language is displayed to users
- Account validity: Whether or not the user account is valid within the program
- User source: What organization the user belongs to
- Password management: Where the user’s password is stored or managed
- Licensing: Whether or not the user is licensed to use the software
Self-service password reset authentication methods
Administrators can configure the number of authentication methods required to regain account access. In most cases, users will need to provide one or two of the following authentication methods:
- Mobile app notification: Often a notification that prompts the user to tap “Yes” or “No” to confirm whether or not they were the one trying to log in to the account.
- Mobile app code: A mobile app provides a code via push notification that employees can use to regain account access.
- Email: An email can be sent to the user’s email address with a link to regain access.
- Mobile phone: Either a call or text is made to the user’s dedicated mobile phone number. The user will receive a code or link via text or be prompted to press specific keys to authenticate.
- Office phone: This option often requires the company to pay a subscription fee. Authentication calls will be made to the employee’s dedicated office phone number.
- Security questions: The user will be prompted to answer predetermined security questions to regain account access. A common security question is, “What is your mother’s maiden name?” Users should choose questions with clear answers that they will never forget.
Self-service password reset best practices
SSPR best practices are all about keeping company accounts and information secure. Here are some best practices to ensure all information is protected:
- CAPTCHA (completely automated public Turing test to tell computers and humans apart): CAPTCHA support can be enabled as an additional authentication step. This measure is a form of challenge-response authentication: users complete a challenge to prove they are human rather than an automated script.
- Configure HTTPS and LDAPS: HTTPS is hypertext transfer protocol carried over Secure Sockets Layer/Transport Layer Security. It is the authentication and security protocol used between browsers and web servers, and it protects the integrity and confidentiality of data between the user’s computer and the server itself. LDAPS encrypts user credentials in transit during any communication with the directory server. Together, these configurations provide end-to-end protection of the data.
- Encryption protocol: Stored responses, such as security question answers, should be kept only in hashed form and protected by a strong encryption protocol.
- Source network addresses: SSPR should be configured to record the source network address of every request so that the company can maintain complete audit records.
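The pieces described on this page fit together in a small reset engine: the administrator's required number of methods, a one-time code and a security question as the pre-registered methods, security answers stored only as salted hashes, a lockout after repeated failures, and an audit record that carries the source address of every step. The code below is an added illustration, not the page's or any vendor's SSPR product; the user record, the code value 482913 and the addresses are constructed.

```python
import hashlib
import hmac
import os

def hash_answer(answer, salt=b""):
    """Keep security-question answers only as salted PBKDF2 hashes, never in clear."""
    salt = salt or os.urandom(16)
    key = " ".join(answer.lower().split()).encode()  # "Smith " and "smith" must match
    return salt, hashlib.pbkdf2_hmac("sha256", key, salt, 100_000)

# Constructed user record (answer hash set at registration, code issued per session).
EXAMPLE_REGISTERED = {
    "security_question": ("hashed_answer", hash_answer("Smith")),
    "mobile_app_code": ("one_time_code", "482913"),
}

class ResetSession:
    """One SSPR attempt: `methods_required` distinct methods must verify before a reset."""

    def __init__(self, user, registered, source_ip, methods_required=2, max_attempts=5):
        self.user, self.registered, self.source_ip = user, registered, source_ip
        self.methods_required, self.max_attempts = methods_required, max_attempts
        self.verified, self.failures, self.audit = set(), 0, []  # audit: one dict per step

    def _log(self, event, method, ok):
        self.audit.append({"user": self.user, "src": self.source_ip,
                           "event": event, "method": method, "ok": ok})

    def submit(self, method, proof):
        if self.failures >= self.max_attempts or method not in self.registered:  # locked out
            self._log("verify", method, False)
            return False
        kind, secret = self.registered[method]
        if kind == "hashed_answer":
            salt, digest = secret
            ok = hmac.compare_digest(hash_answer(proof, salt)[1], digest)
        else:  # code delivered by app, SMS, call or email; constant-time compare
            ok = hmac.compare_digest(proof.encode(), secret.encode())
        if ok:
            self.verified.add(method)
        else:
            self.failures += 1
        self._log("verify", method, ok)
        return ok

    def reset_password(self, new_password):
        """Allowed only once enough distinct methods verified and no lockout was hit."""
        ok = self.failures < self.max_attempts and len(self.verified) >= self.methods_required
        self._log("reset", None, ok)  # notify the user and identity admins from here
        return ok
```

The audit list is what the "source network addresses" practice above calls for: each verify and reset event carries the user, the source address and the outcome, so repeated failures from one address stand out in review.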